{"id": "CVE-2021-22779", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.4, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 3.9}]}, "published": "2021-07-14T15:15:08.240", "references": [{"url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-194-01", "tags": ["Vendor Advisory"], "source": "cybersecurity@se.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "cybersecurity@se.com", "description": [{"lang": "en", "value": "CWE-290"}]}], "descriptions": [{"lang": "en", "value": "Authentication Bypass by Spoofing vulnerability exists in EcoStruxure Control Expert (all versions prior to V15.0 SP1, including all versions of Unity Pro), EcoStruxure Control Expert V15.0 SP1, EcoStruxure Process Expert (all versions, including all versions of EcoStruxure Hybrid DCS), SCADAPack RemoteConnect for x70 (all versions), Modicon M580 CPU (all versions - part numbers BMEP* and BMEH*), Modicon M340 CPU (all versions - part numbers BMXP34*), that could cause unauthorized access in read and write mode to the controller by spoofing the Modbus communication between the engineering software and the controller."}, {"lang": "es", "value": "Se presenta una vulnerabilidad de Omisi\u00f3n de Autenticaci\u00f3n por Spoofing en EcoStruxure Control Expert (todas las versiones anteriores a V15.0 SP1, incluyendo todas las versiones de Unity Pro), EcoStruxure Control Expert versi\u00f3n V15.0 SP1, EcoStruxure Process Expert (todas las versiones, incluyendo todas las versiones de EcoStruxure Hybrid DCS), SCADAPack RemoteConnect for x70 (todas las versiones), Modicon M580 CPU (todas las versiones - n\u00fameros de parte BMEP* y BMEH*), Modicon M340 CPU (todas las versiones - n\u00fameros de parte BMXP34*), que podr\u00eda causar un acceso no autorizado en modo de lectura y escritura al controlador mediante el spoofing de la comunicaci\u00f3n Modbus entre el software de ingenier\u00eda y el controlador"}], "lastModified": "2021-07-26T17:20:18.270", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:schneider-electric:ecostruxure_control_expert:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "43140BF9-455B-4E3C-BF5E-BB9BBF9802D2", "versionEndExcluding": "15.0"}, {"criteria": "cpe:2.3:a:schneider-electric:ecostruxure_control_expert:15.0:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A9BF2D84-901E-4D34-941F-FFAB85B0E9D3"}, {"criteria": "cpe:2.3:a:schneider-electric:ecostruxure_control_expert:15.0:sp1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "939C02B6-B5C5-4F87-8179-4AFFE13FCFD2"}, {"criteria": "cpe:2.3:a:schneider-electric:ecostruxure_process_expert:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FD97669F-93D5-42C4-BFC4-1993867F5911"}, {"criteria": "cpe:2.3:a:schneider-electric:remoteconnect:*:*:*:*:*:*:scadapack_x70:*", "vulnerable": true, "matchCriteriaId": "2D7E0B75-171E-4A73-B722-13473CE1B9D7"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep581020_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "49646E6C-381F-495B-A5E8-8F522571D4AD"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep581020:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "2317F260-7AA2-4178-B468-03DF36223E26"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep581020h_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2F472ED1-8FE6-43BC-A4FF-E956D17ED427"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep581020h:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "3D7DDC42-37A1-43B0-AD46-2E0D098564BA"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep582020_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3F1315A8-FDEE-487F-BA66-A99745783911"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep582020:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "765E4FEE-255E-4C47-824A-5661B84B490B"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep582020h_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F543A095-B798-4C5B-A2B6-DF893191EAC3"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep582020h:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "B1FEA377-3C45-4F88-B233-088A24BD0771"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep582040_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "71823B23-C4E6-40EC-AC9C-2EABFDAFE498"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep582040:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "EBCCDD6D-35CE-4680-8B0C-86584B1D8958"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep582040h_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3BDD13AD-681C-4C7D-82D5-3017FB3BE852"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep582040h:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "68FD5968-C522-4231-A98C-93D3101B6148"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep582040s_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B782A209-0612-4CA1-8438-6653D75F452C"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep582040s:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "C02B27F6-B8CF-4D3B-9DA6-054F540EA6B6"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep583020_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "43B3DF32-480E-4CE1-9396-B33CD5F63A22"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep583020:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "BBC38FF1-693E-4899-883C-1B7B80A52F2C"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep583040_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EA09FB51-0FDC-4457-8ED6-A963CAB97DF4"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep583040:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "002E7F33-6729-4C35-9DDA-7D8383BD5668"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep584020_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A9C82569-7D6C-4FD9-B5BB-2E9576FDFB0E"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep584020:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "47DFEBAC-2F1D-4870-8425-2199BF80B425"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep584040_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1DC98F7D-BDCC-4CF1-BA80-55EA68C5DDB5"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep584040:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "FC4A1DF2-FF4C-4DBE-BF74-6A4A09E3DECE"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep584040s_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CB7741EA-7955-4FC6-BE64-23EFBB0E3DC6"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep584040s:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "6222C1F8-BE52-4666-B7F5-2E8BBC214F70"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep585040_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "252FA576-D00F-4BF2-871D-291D209B443C"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep585040:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "5376D9F4-8AFB-4909-A11B-33C54C4220DB"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep585040c_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2786E51E-B042-4DEF-98CE-C46F381D468C"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep585040c:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "CADB178B-FEFD-48A9-B155-0E8F6D490229"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep586040_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0D9E6C74-FAEE-49D3-807B-7F8416C12725"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep586040:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "6B3C1879-269B-47EB-891B-EF2E90C911D7"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmep586040c_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B182E938-6B50-4F3A-BAF6-AD2637E31E43"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmep586040c:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "5771A1A5-3DAF-4869-A24F-F9B0A38B5DA5"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmeh582040_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8C610F17-FD8F-425E-A169-47EA7E6E8A0A"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmeh582040:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F484F8BB-60B5-4045-92C3-0C2A0CD4107E"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmeh582040c_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "355FFF2A-2B69-4340-AC49-257C0DC63B70"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmeh582040c:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F4F0F823-89EA-451D-81DC-07AACA039371"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmeh582040s_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "777E63F4-CC75-4D68-98CC-896C58EBDD5A"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmeh582040s:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "610AE743-9FD1-4149-AD45-3B1DAE268BF9"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmeh584040_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BF0ACFD6-D1EE-4C25-A307-2E3FB67F4A20"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmeh584040:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "77116949-1141-432D-964B-29A759939E8F"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmeh584040c_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AB46DD56-7A06-428C-97CB-E01C22BC8214"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmeh584040c:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "B6CE23A2-09CC-4417-A45F-63BCA66C4DD8"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmeh584040s_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "29482B31-563A-4931-B11E-FDE86F87F25E"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmeh584040s:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "97AAD857-95C0-4AE3-8510-CB306E8293F4"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmeh586040_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1D261663-D224-4C92-A3F4-3509CAA78A36"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmeh586040:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "07E2FB94-F402-4CF0-BE35-574C1C6528BA"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmeh586040c_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6C6737F3-F881-4BDC-A4F4-F6F08B88EC1E"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmeh586040c:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "2E776EE9-A662-4068-A61A-62CAE23C87F7"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:modicon_m580_bmeh586040s_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CEBCF494-DC4C-4567-A5C8-2C8D93BAF289"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:modicon_m580_bmeh586040s:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "D53BD038-D594-41FF-B3EF-3365C5432AD0"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp341000_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8152BD1B-DB69-4BD0-9DD3-79FC059319B1"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp341000:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "178D2338-E48E-493C-992F-337AACE794DE"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp342010_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4A4A2D03-6D4E-4ED9-A0CE-3DD681CB6E9F"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp342010:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "833B2455-5D39-4457-9D6F-0CD738A2EB02"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp342020_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C747D719-51A2-44F5-B940-89D84437DA95"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp342020:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "99F2F851-C18F-4CB8-B47C-516F2AC7955D"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:schneider-electric:modicon_m340_bmxp342030_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "34CC8BAD-3D4F-4DAD-B8CE-09D0BF4A5E11"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:schneider-electric:modicon_m340_bmxp342030:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "E472ABB0-5556-4B96-9CEF-2180E24FA7FD"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cybersecurity@se.com"}